pod2g posts more details on Corona untether

pod2g has updated his blog with more details on how the Corona untether actually works. If the deep inner workings of exploits such as this interest you, it's definitely something you'll want to check out.

Using a fuzzer, I found after some hours of work that there's a format string vulnerability in the racoon configuration parsing code! racoon is the IPsec IKE daemon (http://ipsec-tools.sourceforge.net/). It comes by default with iOS and is started when you setup an IPsec connection.